)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"7dbd5023b07ddc465f981fde23b4a50f046138fd","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"d125c027_01bc93f3","updated":"2026-03-11 10:35:54.000000000","message":"Why not fix that in the module? e.g. add no_log\u003dTrue to argspec in https://opendev.org/openstack/kayobe/src/commit/fa4f0be487f5a6979964c910f47581529cc6cf66/ansible/roles/ironic-inspector-rules/library/os_ironic_inspector_rule.py#L149","commit_id":"f24a14f1cc22f7782edf811b1240d9727681a214"},{"author":{"_account_id":34212,"name":"Matt Anson","email":"matta@stackhpc.com","username":"m-anson","status":"StackHPC"},"change_message_id":"04058affbe8412c1abc2b78c80a3b8e03faf0d3d","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"b59317bb_8bff52e8","in_reply_to":"7998a40b_8f8535c0","updated":"2026-03-19 12:03:41.000000000","message":"I think latest PS fixes the issue - I\u0027d missed in indirection in the with_items: range.\n\nLogs now show rules that have no sensitive attribute are not marked no_log, though there is no sensitive: true rule to test the inverse.","commit_id":"f24a14f1cc22f7782edf811b1240d9727681a214"},{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"d09f297a65cd152132ec94187e58baf228ab7f27","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"7998a40b_8f8535c0","in_reply_to":"84084d15_30783569","updated":"2026-03-19 09:48:58.000000000","message":"What about splitting the loop? So we have one loop for non sensitive? and one for sensitive items that applies no_log?","commit_id":"f24a14f1cc22f7782edf811b1240d9727681a214"},{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"f2c4dc4d5b674c354e747ea9b4a68d9f41fcff9e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"1c11692d_aecc8cca","in_reply_to":"b59317bb_8bff52e8","updated":"2026-03-20 09:38:57.000000000","message":"Nice, we do have the rule to set the credentials and it seems to censored on registration:\n\n\n\tchanged: [controller0] \u003d\u003e (item\u003d(censored due to no_log)) \u003d\u003e \n\t    censored: \u0027the output has been hidden due to the fact that \u0027\u0027no_log: true\u0027\u0027 was specified\n\t\tfor this result\u0027\n\t    changed: true\n\n\n\t+-------------+----------------------------------------+\n\t| Field       | Value                                  |\n\t+-------------+----------------------------------------+\n\t| actions     | None                                   |\n\t| conditions  | None                                   |\n\t| created_at  | 2026-03-19T10:37:23+00:00              |\n\t| description | Set IPMI driver_info if no credentials |\n\t| phase       | main                                   |\n\t| priority    | 0                                      |\n\t| sensitive   | True                                   |\n\t| updated_at  | None                                   |\n\t| uuid        | 35535433-15bd-5a74-907c-96ecb3113276   |\n\t+-------------+----------------------------------------+","commit_id":"f24a14f1cc22f7782edf811b1240d9727681a214"},{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"12ea69a2a901a6e09246fd6390268f9d05e69d44","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"84084d15_30783569","in_reply_to":"c5099f82_28bb4ec1","updated":"2026-03-19 09:41:57.000000000","message":"This does actually hide the output of every rule now that I checked the output. That isn\u0027t ideal.","commit_id":"f24a14f1cc22f7782edf811b1240d9727681a214"},{"author":{"_account_id":34212,"name":"Matt Anson","email":"matta@stackhpc.com","username":"m-anson","status":"StackHPC"},"change_message_id":"49d181a2efc421c2777c08f3d68907da31a7104b","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"81776ef6_695fc6e2","in_reply_to":"d125c027_01bc93f3","updated":"2026-03-19 09:36:54.000000000","message":"I couldn\u0027t find a good way to add no_log to argspec of one argument based on the value of another, as they are all instantiated at the same time. Was just after a quick look though and happy to look again if I\u0027m doing it wrong.","commit_id":"f24a14f1cc22f7782edf811b1240d9727681a214"},{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"3742adbf143c795e72d449c3cc470af2a1824c2e","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"c5099f82_28bb4ec1","in_reply_to":"d125c027_01bc93f3","updated":"2026-03-19 09:29:36.000000000","message":"Wouldn\u0027t that only avoid logging the value of the sensitive flag? Or can we make other parameters use no_log if sensitive is true? I think Matt\u0027s solution is reasonable though. If there is a better solution we can always iterate once this has merged.","commit_id":"f24a14f1cc22f7782edf811b1240d9727681a214"},{"author":{"_account_id":34212,"name":"Matt Anson","email":"matta@stackhpc.com","username":"m-anson","status":"StackHPC"},"change_message_id":"49d181a2efc421c2777c08f3d68907da31a7104b","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"b4a7d843_9a7beb97","updated":"2026-03-19 09:36:54.000000000","message":"I think my logic is wrong here too - I think we want the ability to override the no_log: true and set it to false _even if_ the rule is marked sensitive, just for debugging. default(override_var) won\u0027t do that, so I need to revise.","commit_id":"70c23c9a637549b215cbda0215987544850f9fe6"},{"author":{"_account_id":34212,"name":"Matt Anson","email":"matta@stackhpc.com","username":"m-anson","status":"StackHPC"},"change_message_id":"67de211d483175f2b8ee537032c6754ee80828aa","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"e297efe3_52b98150","in_reply_to":"b4a7d843_9a7beb97","updated":"2026-03-19 12:03:55.000000000","message":"Done","commit_id":"70c23c9a637549b215cbda0215987544850f9fe6"},{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"604666581035275ab90648d455ef8c0367363e36","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"5e68f722_ac91c8d3","updated":"2026-03-20 09:41:14.000000000","message":"One thing: We should add this to etc/kayobe/inspector.yml","commit_id":"f27b28aeaa3075ce5975c6551e4b03d97874959b"},{"author":{"_account_id":34212,"name":"Matt Anson","email":"matta@stackhpc.com","username":"m-anson","status":"StackHPC"},"change_message_id":"aae12d25b15d7a7aee740d4f4c22fbac305d5a48","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"c8067d96_8da32433","in_reply_to":"5e68f722_ac91c8d3","updated":"2026-03-20 10:47:55.000000000","message":"Done","commit_id":"f27b28aeaa3075ce5975c6551e4b03d97874959b"},{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"8b0d18272bea2e9eaa9bae64ff20250e89b262d8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"2f0a174d_f35073fc","updated":"2026-04-07 17:13:47.000000000","message":"recheck","commit_id":"a8635f89bcee9032594fd0da23db32dda8e9c0cf"},{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"112f4bb1b315741efff9e004aab68111a5103e52","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"321226f7_adb18717","updated":"2026-04-07 11:25:11.000000000","message":"recheck","commit_id":"a8635f89bcee9032594fd0da23db32dda8e9c0cf"},{"author":{"_account_id":35263,"name":"Matt Crees","email":"mattc@stackhpc.com","username":"mattcrees"},"change_message_id":"8612dee2895639084a9d45a766a19aaafb87b613","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"35211361_b0267ffc","updated":"2026-04-08 07:52:34.000000000","message":"recheck","commit_id":"a8635f89bcee9032594fd0da23db32dda8e9c0cf"},{"author":{"_account_id":35263,"name":"Matt Crees","email":"mattc@stackhpc.com","username":"mattcrees"},"change_message_id":"a9535e2b4480bae7435e396893dd73ed220f44a1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"4938138c_a0fbce7c","updated":"2026-04-09 08:34:42.000000000","message":"recheck","commit_id":"a8635f89bcee9032594fd0da23db32dda8e9c0cf"},{"author":{"_account_id":35263,"name":"Matt Crees","email":"mattc@stackhpc.com","username":"mattcrees"},"change_message_id":"7d940583bf788808eae57e2aaa65ee6a54707755","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"5eab67dd_3e787e65","updated":"2026-04-08 14:28:22.000000000","message":"recheck","commit_id":"a8635f89bcee9032594fd0da23db32dda8e9c0cf"},{"author":{"_account_id":28048,"name":"Will Szumski","email":"will@stackhpc.com","username":"jovial"},"change_message_id":"1341542528960de749a0b6eabfb89041761af332","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"d5e2a3a2_5fa0ef19","updated":"2026-04-07 08:29:55.000000000","message":"recheck","commit_id":"a8635f89bcee9032594fd0da23db32dda8e9c0cf"},{"author":{"_account_id":35263,"name":"Matt Crees","email":"mattc@stackhpc.com","username":"mattcrees"},"change_message_id":"4a50f123b7a44b540b187b4c2f08694d4a0fff71","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"fc473873_dc3186a4","updated":"2026-04-01 14:44:50.000000000","message":"recheck: errors reaching opendev.org","commit_id":"a8635f89bcee9032594fd0da23db32dda8e9c0cf"}],"ansible/inventory/group_vars/all/inspector":[{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"698cf5a65c5a1051c6bee57c1744566a3019016e","unresolved":true,"context_lines":[{"line_number":114,"context_line":"# Redfish CA setting."},{"line_number":115,"context_line":"inspector_rule_var_redfish_verify_ca: True"},{"line_number":116,"context_line":""},{"line_number":117,"context_line":"# Log Ironic inspector rules marked sensitive."},{"line_number":118,"context_line":"ironic_inspector_sensitive_rule_no_log: True"},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"# Ironic inspector rule to set IPMI credentials."}],"source_content_type":"application/octet-stream","patch_set":4,"id":"06e6ca8d_15b7c380","line":117,"updated":"2026-03-30 16:17:58.000000000","message":"Default is true.","commit_id":"ed567c455f7ef822a026ff13330f7775db4519bd"},{"author":{"_account_id":35263,"name":"Matt Crees","email":"mattc@stackhpc.com","username":"mattcrees"},"change_message_id":"08e4078e33bb97fa5900b1189deb491db8aa17b0","unresolved":false,"context_lines":[{"line_number":114,"context_line":"# Redfish CA setting."},{"line_number":115,"context_line":"inspector_rule_var_redfish_verify_ca: True"},{"line_number":116,"context_line":""},{"line_number":117,"context_line":"# Log Ironic inspector rules marked sensitive."},{"line_number":118,"context_line":"ironic_inspector_sensitive_rule_no_log: True"},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"# Ironic inspector rule to set IPMI credentials."}],"source_content_type":"application/octet-stream","patch_set":4,"id":"6b28e8cf_6d4b9da5","line":117,"in_reply_to":"06e6ca8d_15b7c380","updated":"2026-04-01 08:14:20.000000000","message":"Ditto.","commit_id":"ed567c455f7ef822a026ff13330f7775db4519bd"}],"etc/kayobe/inspector.yml":[{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"698cf5a65c5a1051c6bee57c1744566a3019016e","unresolved":true,"context_lines":[{"line_number":98,"context_line":"# Redfish CA setting. Set to \u0027True\u0027 by default"},{"line_number":99,"context_line":"#inspector_rule_var_redfish_verify_ca:"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"# Log Ironic inspector rules marked sensitive. Set to \u0027True\u0027 by default"},{"line_number":102,"context_line":"#ironic_inspector_sensitive_rule_no_log:"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"# Ironic inspector rule to set IPMI credentials."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"235e51bd_6e3f6dd5","line":101,"range":{"start_line":101,"start_character":47,"end_line":101,"end_character":71},"updated":"2026-03-30 16:17:58.000000000","message":"Default is true.","commit_id":"ed567c455f7ef822a026ff13330f7775db4519bd"},{"author":{"_account_id":35263,"name":"Matt Crees","email":"mattc@stackhpc.com","username":"mattcrees"},"change_message_id":"08e4078e33bb97fa5900b1189deb491db8aa17b0","unresolved":false,"context_lines":[{"line_number":98,"context_line":"# Redfish CA setting. Set to \u0027True\u0027 by default"},{"line_number":99,"context_line":"#inspector_rule_var_redfish_verify_ca:"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"# Log Ironic inspector rules marked sensitive. Set to \u0027True\u0027 by default"},{"line_number":102,"context_line":"#ironic_inspector_sensitive_rule_no_log:"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"# Ironic inspector rule to set IPMI credentials."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"c985386a_2f9843fb","line":101,"range":{"start_line":101,"start_character":47,"end_line":101,"end_character":71},"in_reply_to":"05725bfd_0be7af4f","updated":"2026-04-01 08:14:20.000000000","message":"I think these should be corrected in a follow-up patch.","commit_id":"ed567c455f7ef822a026ff13330f7775db4519bd"},{"author":{"_account_id":35263,"name":"Matt Crees","email":"mattc@stackhpc.com","username":"mattcrees"},"change_message_id":"537a173fe4f7a3f363bb7d03ec9131dff6cd0f33","unresolved":true,"context_lines":[{"line_number":98,"context_line":"# Redfish CA setting. Set to \u0027True\u0027 by default"},{"line_number":99,"context_line":"#inspector_rule_var_redfish_verify_ca:"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"# Log Ironic inspector rules marked sensitive. Set to \u0027True\u0027 by default"},{"line_number":102,"context_line":"#ironic_inspector_sensitive_rule_no_log:"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"# Ironic inspector rule to set IPMI credentials."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"05725bfd_0be7af4f","line":101,"range":{"start_line":101,"start_character":47,"end_line":101,"end_character":71},"in_reply_to":"235e51bd_6e3f6dd5","updated":"2026-03-31 10:22:38.000000000","message":"This currently matches the other comments on L98 and L89.","commit_id":"ed567c455f7ef822a026ff13330f7775db4519bd"}],"releasenotes/notes/no-long-sensitive-inspector-rules-6d6edfcae25feb82.yaml":[{"author":{"_account_id":15197,"name":"Pierre Riteau","email":"pierre@stackhpc.com","username":"priteau","status":"StackHPC"},"change_message_id":"698cf5a65c5a1051c6bee57c1744566a3019016e","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"security:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Prevent sensitive inspector rules from appearing in ansible output."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"453f7124_40ff35de","line":4,"range":{"start_line":4,"start_character":4,"end_line":4,"end_character":11},"updated":"2026-03-30 16:17:58.000000000","message":"Nit: Prevents","commit_id":"ed567c455f7ef822a026ff13330f7775db4519bd"},{"author":{"_account_id":35263,"name":"Matt Crees","email":"mattc@stackhpc.com","username":"mattcrees"},"change_message_id":"08e4078e33bb97fa5900b1189deb491db8aa17b0","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"security:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Prevent sensitive inspector rules from appearing in ansible output."}],"source_content_type":"text/x-yaml","patch_set":4,"id":"ae15109c_0189a33e","line":4,"range":{"start_line":4,"start_character":4,"end_line":4,"end_character":11},"in_reply_to":"453f7124_40ff35de","updated":"2026-04-01 08:14:20.000000000","message":"Done","commit_id":"ed567c455f7ef822a026ff13330f7775db4519bd"}]}